Fix some webui that doesn't allowed in private window is loaded in private window #1295
Conversation
simonhong
force-pushed
the
adjust_url_mapping_timing
branch
3 times, most recently
from
c56a0bc
to
3db9f6a
Compare
| #undef Navigate | ||
| #undef IsURLAllowedInIncognito | ||
|
|
||
| void Navigate(NavigateParams* params) { |
There was a problem hiding this comment.
this is exactly what we don't want to do: try to find every place we need to hook in to map the url. We need to map it once and only once in a place that takes effect before any security checks
There was a problem hiding this comment.
I tried to test this place as a replacement of current mapping not for another hooking with current one. So I inserted NOTREACHED() there.
There was a problem hiding this comment.
Of course, I'll still studying navigation flow to find better place :)
There was a problem hiding this comment.
yep, just need to remember that there are many, many different paths and most of the are initiated by the renderer
simonhong
force-pushed
the
adjust_url_mapping_timing
branch
3 times, most recently
from
2e2d7fa
to
83b19b3
Compare
simonhong
changed the title
simonhong
changed the title
|
@bridiver With this new mapping timing, previously skipped url check/verification that did for chrome ui are also applied to brave ui for browser-initiated navigation. |
| @@ -63,6 +63,12 @@ namespace { | |||
|
|
|||
| bool HandleURLRewrite(GURL* url, | |||
| content::BrowserContext* browser_context) { | |||
| if (url->SchemeIs(kBraveUIScheme)) { | |||
There was a problem hiding this comment.
seems like this should be a DCHECK
| } | ||
|
|
||
| +#if defined(BRAVE_CHROMIUM_BUILD) | ||
| + DCHECK(!url.SchemeIs(content::kBraveUIScheme)) |
There was a problem hiding this comment.
we definitely do not want to patch in a DCHECK here
| @@ -13,6 +13,10 @@ | |||
| bool FixupBrowserAboutURLBraveImpl(GURL* url, | |||
| content::BrowserContext* browser_context) { | |||
| if (url->SchemeIs(kBraveUIScheme)) { | |||
| NOTREACHED() << "brave url should not be reached here. scheme mapping " | |||
There was a problem hiding this comment.
why would we put a NOTREACHED() before a bunch of code? This does not seem correct to me
simonhong
force-pushed
the
adjust_url_mapping_timing
branch
from
83b19b3
to
e9f0ccc
Compare
|
@bridiver Rebased onto the master and I think all your comments were resolved with this rebase. |
| host != chrome::kChromeUISuggestionsHost; | ||
| } | ||
|
|
||
| +#if defined(BRAVE_CHROMIUM_BUILD) |
There was a problem hiding this comment.
This is needed for our sync page.
Our sync page is not allowed to load private window.
That causes crash for now.
There was a problem hiding this comment.
so this is a good example of what I brought up in slack today. If we create this one-off patch then someone else will have to come in and create another one if there is some other host we don't want in private tabs. We should have a chromium_src override that defines a method to call here
simonhong
force-pushed
the
adjust_url_mapping_timing
branch
from
e9f0ccc
to
d2a5854
Compare
simonhong
changed the title
simonhong
force-pushed
the
adjust_url_mapping_timing
branch
2 times, most recently
from
857a3e0
to
3c89b51
Compare
Some brave pages should not be loaded in private window such as brave://settings. Instead, they should be redirected to normal window. Also sync/rewards host are added to not allowed list.
simonhong
force-pushed
the
adjust_url_mapping_timing
branch
from
3c89b51
to
205f727
Compare
Some webui should not be loaded in private window.
Instead, they should be redirected to normal window.
This also fixes crash when user tries to load sync page in private window.
Sync page will be also redirected to normal window.
Fix brave/brave-browser#2853
Fix brave/brave-browser#2852
Submitter Checklist:
npm test brave_unit_tests && npm test brave_browser_tests) ongit rebase master(if needed).git rebase -ito squash commits (if needed).Test Plan:
BraveSchemeLoadBrowserTest.*PageIsNotAllowedInPrivateWindowReviewer Checklist: